Concepts for security and code quality
Learn core concepts for GitHub's security and code quality features.
- Concepts for secret security
- About secret scanning
- About push protection
- About secret security with GitHub
- About secret scanning alerts
- Custom patterns
- About validity checks
- About delegated bypass for push protection
- About bypass requests for push protection
- About secret scanning for partners
- GitHub secret types
- Secret scanning push protection metrics
- Push protection from the command line
- Working with push protection and the GitHub MCP server
- Working with push protection from the REST API
- Concepts for code scanning
- About code scanning
- About code scanning alerts
- About Copilot Autofix for code scanning
- About setup types for code scanning
- About integration with code scanning
- About SARIF files for code scanning
- Code scanning merge protection
- Multi-repository variant analysis
- Concepts for CodeQL
- About the tool status page
- CodeQL pull request alert metrics
- About GitHub Code Quality
- Supply chain security
- About supply chain security
- Best practices for maintaining dependencies
- About the dependency graph
- How the dependency graph recognizes dependencies
- About dependency review
- About Dependabot alerts
- About metrics for Dependabot alerts
- About Dependabot security updates
- About Dependabot version updates
- About Dependabot pull requests
- About the dependabot.yml file
- About Dependabot auto-triage rules
- About Dependabot on GitHub Actions runners
- Dependabot job logs
- Immutable releases
- About linked artifacts
- Concepts for vulnerability reporting and management
- Concepts for security at scale